NOP 1.0 description

NOP is a recursive acronym for NOP Obfuscated Programming. Program obfuscation involves a number of techniques whose objective is to avoid reverse engineering of applications by hackers, including well-intentioned ones. NOP automatically applies one such technique to Delphi Object Pascal programs: inserting random NOP machine instructions into source code.

The hardware instruction NOP of Intel microprocessors and compatibles occupies 1 byte (hex 90) and takes 3 processor cycles. It doesnt do anything. For a moderately fast 3GHz machine, 1 billion NOPs would execute in 1 second. Compilers generate NOPs in order to align code and data according to word boundaries. The NOP program inserts a random series of NOP instructions all over the code, so that one version of an application is intentionally misaligned with respect to the next.

If you apply this program to your source code, then, for each compilation, the address of sensitive routines changes randomly. By regularly using NOP and uploading the result, your application becomes a moving target for crackers: one day, the bad guy cracks your code and delivers a patch, the next, the patch doesnt work any more.

There is a lot more to obfuscation then just NOPping. Delphi executables carry Run-Time Type Information (RTTI): the source name of classes, procedures, functions, units, form structure, etc. So, if you write a procedure called Validate_Password, its very name is an invitation for crackers using a decompiler, such as the infamous DeDe (Delphi Decompiler). Strings, too, provide precious information: for example, the message Invalid password clearly indicates where even mediocre crackers should place their NOPs.

NOP is freeware. It is the precursor of a more sophisticated shareware obfuscator, called AltDel, by the same author.